Privacy Policy

This policy has been prepared in accordance with the requirements of the Privacy Amendment (Private Sector) Act 2000 National Privacy Principles personalEYES follows the 10 National Privacy Principles (NPPs) contained in the Privacy Act 1988, as amended. These NPPs set out how information may be collected and used, and the rights and responsibilities of the various parties in the collection, storage and use of that information.

Collection

Information collected by personalEYES about a patient is intended to be used only for the purpose of providing the best possible standard of eye care to that patient. This information may include information specifically about their visual and refractive status, as well as information about their previous refractive problems, general health and the health of their relatives. Information will generally be collected directly from the patient, although in some cases it will be necessary to obtain information from others, for example the patient’s optometrist or general practitioner. personalEYES will answer any queries the patient may have about the information being collected or the reasons that it is being collected.

Use and disclosure

Information provided by a patient will be used for the benefit of that patient, in particular to provide them with the highest possible standard of eye care. In some cases, this may require providing information about the patient to another health care practitioner, for example, when a patient is referred to us for treatment. When this occurs, the patient will be informed that the information is being provided. Information will be released when we are legally required to do so. In most cases this will require a court to order the release of the information, although information may also be released when we believe that this is necessary to prevent a serious and imminent threat to a person’s life, health or safety, or to public health and safety. Some information, such as the patient’s identity and the type of consultation provided, may be released in order to allow Medicare benefits to be claimed. Commonwealth legislation also allows records to be inspected by representatives of the Health Insurance Commission in order to investigate whether Medicare benefits have been paid inappropriately.

Data quality

personalEYES will make all reasonable efforts to ensure that the information held about a patient is complete, accurate and up-to-date. When a patient informs us of any inaccuracy, it will be corrected as soon as possible.

Data security

personalEYES will take all reasonable steps to ensure that the information they hold about a patient is protected from misuse, loss and unauthorised access or disclosure. The only people who have access to patient records are the ophthalmologists involved in the care of the patient, and practice staff, who need access for purposes such as laser treatment calculations and billing. No unauthorised persons are permitted to access the records. It is a policy of personalEYES that unauthorised release of personal information about patients is grounds for dismissal.

Openness

This policy document outlines the way this practice collects, handles and releases information about patients and is available to anyone who requests a copy. Patients who wish to find out more about how the Practice manages personal information should discuss this with personalEYES.

Access and correction

Patients may have access to the information held about them and, if the information is incorrect, amended information will be added to the records. Patients who wish to examine the information held about them should notify personalEYES, who will arrange for them to have access. personalEYES will assist the patient in interpreting the information in the record, and will explain any technical terms, abbreviations and jargon. If the patient believes that any factual information in the record is incorrect, the patient may ask personalEYES to correct it. Such corrections will be noted on the record, along with information such as when the alteration was made, who made it, and the reasons for the alteration. If there is a disagreement about whether the information is accurate, and this disagreement cannot be resolved, the patient may request that the disagreement be noted on the record, along with what they believe to be accurate information. personalEYES will prepare a summary of the information held about the patient for any patient who requests it. A reasonable fee may be charged for preparing the report. Under some circumstances personalEYES may refuse to provide access to the information held about a patient. This will only occur where releasing the information would pose a serious threat to the health of the patient or another person, would unreasonably impact on the privacy of another person, would interfere in legal investigations or other proceedings, or would otherwise be illegal. The physical record and the intellectual property contained in it remain the property of personalEYES at all times.

Identifiers

personalEYES will only use an identifier that has been assigned by a Commonwealth agency (such as Medicare number or Veterans’ Affairs number) for the purpose for which it has been assigned. Such identifiers will not be used for the Practice’s own internal purposes. The patient’s Medicare number will only be used for the purpose of claiming Medicare benefits.

Anonymity

Patients may request anonymity if they so desire, however they should be aware that this may lead to them receiving a lower standard of care, due to difficulty in accessing information about their previous condition. Anonymity may also prevent them claiming Medicare benefits.

Trans-border data flow

personalEYES will not transfer data about the patient to a recipient in a foreign country unless the data will receive at least the same level of protection as in Australia, and unless the patient gives their permission for personalEYES to do so.

Sensitive information

personalEYES will not collect sensitive information about the patient without the patient’s consent, except where law requires collecting such information, or where the patient (or their representative) cannot give consent and the information is needed to provide a health service to the patient or to reduce a threat to the life or health of another person. ‘Sensitive information’ is defined as information about a person’s health, their racial or ethnic origin, their political, religious or philosophical beliefs and affiliations, their membership in professional or trade associations or unions, their sexual preferences or practices, or their criminal record.